A power user’s guide to OS X Server, Mavericks edition

Mavericks runs version 3.0 of Server.app, the user-friendly face of OS X Server.

Andrew Cunningham

The Mountain Lion version of OS X Server marked the end of a transition for Apple's server software. When Apple released OS X 10.6 in 2009, Server was an expensive and entirely separate version of OS X that only shipped on Apple's rack-mountable XServe systems and cost $1,000 if you wanted to run it on any of your other Macs. Fast-forward to 2012 and the XServe was long-dead, OS X Server was a $20 add-on to OS X, and the powerful-but-complex tools used to manage and configure the server software had been thrown out in favor of a greatly simplified application primarily controlled via big on/off switches. It took a couple of years, but Apple had done the same thing to its server hardware and software that it did to Final Cut Pro. The company made its features more accessible for small businesses and high-end consumers at the expense of features important to a subset of professional users.

The Mavericks version of OS X Server ushers in no such sweeping changes. In fact, the scope of the update is closer to the incremental updates that the Mountain Lion version has received between its launch in July of 2012 and now. Despite a version number increase from 2.X to 3.X, OS X Server is finished with the major overhauls. The software has been changed from an enterprise-targeted package to one better suited to power users and small businesses. Now that the transition is complete, it's clear that slow, steady improvement is the new normal.

This means there's a little less truly new ground to cover than there was last year, but in keeping with last year’s review, we’re still going to go through all of the services OS X Server offers item by item. This will serve as both an evaluation of those services as well as a basic how-to guide for those who are new to the software—in cases where nothing has changed, we have re-used portions of last year's review. If you'd like to read more about OS X Server's transition from an enterprise product to a "prosumer" product, that's background information that we covered last year.

Installation, setup, and getting started

Andrew Cunningham

When configuring a new OS X Server, the install process is the same as it was in Mountain Lion: take any Mac running OS X 10.9 and download and install the Server software package (hereafter Server.app) from the Mac App Store. Unlike Mavericks itself, Server.app 3.0 is still a $19.99 download both for new customers and for people upgrading from Mountain Lion or Lion Server, though download codes are being offered free of (additional) charge to members of Apple’s $99-a-year OS X and iOS developer programs. The older Server.app versions won’t run in Mavericks, and Server.app 3.0 won’t run in Lion or Mountain Lion, so the upgrade process is an all-or-nothing proposition.

Apple has removed most of the more intimidating configuration screens from the Server installation process. Where Mountain Lion Server and older versions would ask for hostname and IP address configuration (among other things), the new Server.app gets right to the point. Agree to the EULA, input an administrator’s username and password, and wait for the first-time setup process to complete. Configuring those more advanced settings can still be done after the fact in Server.app, but for home users, the more intimidating barriers to installation have been removed.

Another consumer-y touch is the addition of new Server Tutorials, which pop up in front of the Server.app window first thing after the first-time setup has completed. The old Server.app had a persistent “Next Steps” area across the bottom of the screen that would assist newbies through some of the server basics, but the Server Tutorials are more friendly and more comprehensive all around.

Enlarge/ The new Tutorials aren't a new feature per se, but they make existing features easier for newbies to learn.

Andrew Cunningham

Enlarge/ The older, more exhaustive Help files are still available, as is Apple's extensive online documentation.

Andrew Cunningham

Each tutorial starts with an objective stated in plain language: “share files” or “provide centralized backup” or “host a website.” Clicking on each section opens up a tutorial that explains services like File Sharing and Time Machine at a high level before providing step-by-step instructions with screenshots and some resources for further reading—the “Advanced Topics” section of Apple’s online OS X Server help is generally the first stop.

Apple’s online help and the old-style Server Help files are all still there in the Mavericks version of OS X Server, but the new Server Tutorials fill a pretty obvious user education gap from older versions of the software. Along with the simplification of the setup process, they make it easier for a Mac enthusiast to make the jump from being a regular old OS X user to an amateur server administrator. Learning OS X Server before was a study in digging into Help files, Googling, and just poking around at stuff until it seemed like it was working, but the tutorials provide neophytes a clearer path from Point A to Point B.

Meet Server.app

Enlarge/ Server.app has been spruced up, but it should still be familiar if you used it in Mountain Lion.

Andrew Cunningham

If you want to do basically anything with OS X Server, you’re going to do it with Server.app. This all-in-one server administration tool has completely replaced the more advanced but less user-friendly Server Admin Tools from Lion and older versions of OS X, but it supports most of the same features. The look of the application has changed a little from its Mountain Lion incarnation—linen has been excised, the default window size is wider, and the way items are organized and presented has been rethought, mostly for the better—but it’s still largely the same interface.

Server.app is used to:

Manage local and Open Directory users and groups

Enable, disable, and configure services, all of which we'll be discussing individually

Add SSL certificates

Set remote management preferences

Enable push notifications

Check your server's status and log messages

You can launch the app directly from the server itself, or you can install it on any OS X client computer and connect to your Mavericks servers using their host names or IP addresses—just click Connect to Server from the Manage menu. Server.app in Mavericks is able to manage both Mavericks servers and older Mountain Lion servers, so if you manage multiple servers and don't want to upgrade all of them at once, you'll be able to use the same tool to control them both. Server.app in Mountain Lion couldn't connect to Lion servers, so this is a welcome change.

Enlarge/ Managing a Mountain Lion server from the Mavericks version of Server.app.

Andrew Cunningham

Looking at the left of the screen, start at the top and work your way down. Items in the "Server" section are all about server monitoring and general administration. This is where you can view uptime and log information, usage statistics, log files from your various services, and any alerts that the server may have generated. Even in the Alerts section, Mavericks dumbs things down a bit in the name of user friendliness. Things like "S.M.A.R.T. status" and "Disk unreachable" have been consolidated under "Disk," while most of the headings have been simplified.

Finally, the Server section of Server.app is where you configure push notifications for your services. Push notifications are used with the Mail, Contacts, Calendar, and Profile Manager services to alert your users when new messages or calendar invites or other data comes in. Apple's support documentation recommends using push notifications with these services as a more efficient alternative to polling the server for data at a set interval. Push notifications are also used to alert server administrators when new Alerts are generated—any Mac that has connected to your server using Server.app will receive these Alerts in its Notification Center.

A few of the things that Server.app does: managing remote access settings.

A few of the things that Server.app does: managing remote access settings.

Monitoring alerts.

Managing certificates.

Viewing logs for the server and the individual services.

Resource usage stats.

And, finally, managing remote servers.

Push notifications can be sent from your server to any OS X or iOS client that it manages. You first need to get a Push Notification Service certificate from Apple using an organizational Apple ID as opposed to the personal Apple ID that you might use in the Mac App Store or with an Apple Developer account. The certificate, which is used to encrypt the communication between your server and your clients, is free, but it must be renewed yearly.

Most of your time in Server.app will be spent in the "Accounts" and "Services" sections. We'll talk more about Accounts later in the Open Directory section, since it's mostly useful for administrators of small to medium-size businesses using their Macs to manage user credentials and permissions. The panes for Server's various services are where you'll spend the vast majority of your time in OS X Server, and we'll be going through each service one by one to explain their particular uses and features.

The only universal change to all Service panes is the addition of a new Access section that gives you more granular status messages about what the service is doing at a particular point in time, along with a link to an OS X Server help file with more information for each service. Most of the time this message will just tell you whether the service is on or off, but again, the name of the game is user-friendliness. This information will mostly be redundant or unnecessary for the power user, but Apple is working to make Server easier to learn for people new to the software.

Finally, there's now a separate section in Server.app for "Advanced" services, including DHCP, DNS, FTP, NetInstall, Open Directory, Software Update, and Xsan. These services are all hidden by default in the View menu (again, one assumes, to keep newbies from stumbling onto them), but clicking any of them will cause all of them to show up in Server.app as they normally would in Mountain Lion. We'll be going through all of them to talk about what they do, but unlike some of the non-advanced services, there are very few changes between the Mavericks and Mountain Lion versions.

It almost seems like they've refactored OS X server to compete with Windows 8 Pro instead of server. It's a useful value add for home users, but Apple has all but given up on business servers. I'd even argue that with the implementation of SMB for default sharing that Windows Server is a better choice for Mac clients than Mac server.

It's worth noting that the VPN service has been completely broken for many (most?) users since the release of Mavericks. The App Store reviews are full of one-star reviews that essentially boil down to "it's broken", and there are numerous threads on the Discussion boards. So far, no response from Apple (typical). For example:https://discussions.apple.com/thread/54 ... 5&tstart=0

The greatest achilles heel with OS X Server for me has never been lack of functionality - that can always be augmented/replaced with other tools. Rather it's been that it's an extremely fragile setup, and when it breaks it breaks severely and inscrutably. I've had to restore from backup many times after attempting to edit Apache config files and having it break half of OS X Server (since Web, Profile Manager, Wiki, WebDAV, and Calendar/Contact syncing all flow through Apache).

"When Apple released OS X 10.6 in 2009, Server was an expensive and entirely separate version of OS X that only shipped on Apple's rack-mountable XServe systems and cost $1,000 if you wanted to run it on any of your other Macs."

I own a Mac mini Server- (dual 500GB internal HDs) that shipped with the OS- Snow Leopard Server- and it is still working in my Living Room to this very day. I run front Row as a UI for iTunes and Eye TV software for DVR service.

The screenshots show misconfigured DNS, a misconfigured hostname, misconfigured Open Directory, misconfigured VPN and a misconfigured Mail service. Looks like Apple did not simplify the services enough for users who lack a basic understanding of networks… ("Power user's guide"? Really?)Advanced, more detailed configurations are still possible in Server 3 - via the command line.

The screenshots show misconfigured DNS, a misconfigured hostname, misconfigured Open Directory, misconfigured VPN and a misconfigured Mail service. Looks like Apple did not simplify the services enough for users who lack a basic understanding of networks… ("Power user's guide"? Really?)Advanced, more detailed configurations are still possible in Server 3 - via the command line.

The article was a disappointment, coming from Ars. It was as though the author never tried to actually use Server. I would advise Ars to pull this review entirely.

Server presents a GUI to familiar *nix networking tools and services. It's a small advancement in terms of newbie-friendliness but by no means does it make setting up and managing networking services any sort of piece of cake. Networking services is still an impenetrable acronym-fest and a bramble-patch of interrelated and sometimes conflicting settings, and OS X Server does nothing to address that. For example, Back to My Mac and L2TP conflict... you can't have both services activated. Good luck finding that out without googling over a broken setup. It would have not been difficult for a user-friendly Server package to warn when the user attempts to activate both, but previous versions did not. I don't know if the current version does... I had to revert to a backup, due to essential services being broken.

For example, in the latest version, VPN doesn't "just work". A pretty essential service, it is totally broken. This isn't just a case of Apple rolling back features, perhaps to re-architect a software product for subsequent advancement a la iWork and Final Cut Pro. Instead, stuff that should be working and was previously working suddenly isn't. Even many of the help screens are missing. Very disappointing of Apple, and very disappointing of Ars not to call them to account.

I just asked in case anyone had an extra copy/redemption key. $20 not spent on this software just to learn it's ins and outs is $20 I can spend on gas or food, that's all. No big deal, I didn't see the harm in asking. I was just going to throw it on a Mac a friend gave me. Thanks anyways.

If you're a registered developer, there was a freebie for OS X Server... might still be the case.

The Server.app is a necessary evil, but the real power is truly discovered using the $serveradmin CLI tool. Unfortunately, Apple doesn't have any robust documentation on the tool and many of its features require you to reverse-engineer how it works.

I've been using Mac OS X Server since 10.0 beta, and because of the changes after 10.6, I've decided to start moving a lot of the services (mail, DNS, httpd, etc.) off of the Mac OS X server and onto CentOS VMs. Although Mac OS X is easier to manage and make changes to, I cannot give up the power-user features lost from 10.6 (specifically pointing out bind and mail). Apple completely dropped webmail from the server, and as an admin, it was the easiest way to check user's email issues and such. Horde and/or squirrel won't install onto 10.9 without major work, and I doubt it's even worth it at this point.

Apple exited the server business years ago. This is just a dimly glowing coal in its ashes.

A server OS not worth the name that even lacks server hardware. And then 10 pages are spent on an article.

IMO if you need a home server just go with Windows or some easy to use Linux distro. You can even run several of them together on a hypervisor if so inclined. Hell, even a synology or qnap NAS is more interesting than this Apple "server".

…you are granted a limited, non-transferable, non-exclusive license: […] (iii) to install, use and run up to two (2) additional copies or instances of the Apple Software within virtual operating system environments on each Mac Computer you own or control that is already running the Apple Software, for purposes of: (a) software development; (b) testing during software development; (c) using OS X Server; or (d) personal, non-commercial use.

This paragraph is actually not new for 10.9 but was there since 10.7 or possibly even earlier. I suppose it's not as permissive as some would like due to Apple insisting on Mac hardware.

A server OS not worth the name that even lacks server hardware. And then 10 pages are spent on an article.

IMO if you need a home server just go with Windows or some easy to use Linux distro. You can even run several of them together on a hypervisor if so inclined. Hell, even a synology or qnap NAS is more interesting than this Apple "server".

Great! Then tell me which version of Windows or Linux server I should install to get Time Machine backups, Apple SUS, and Apple caching software?

Yes I know there are a lot of hacks for Time Machine and I can use Reposado for SUS, but where is my alternative for the caching service?

IMHO, I completely abandoned Apple's VPN implementation because it's always been kludgy. If you're using a mixed environment (Macs and PCs), it's more trouble than it's worth.

I instead found an old, beat-up PC and installed pfSense on it with a second NIC. It supports OpenVPN nicely (Viscosity is the Apple client $9) and IPsec (VPNTracker, $49). It might do L2TP, but I went with OpenVPN instead. There's also an iOS OpenVPN client. pfSense comes with an OpenVPN client exporter (free) that works like a charm.

Again, it was my own choice to do this because it's less headache. YMMV.

I have to add though, you talk a lot about how certain apps / services within OS X Server Mavericks is not complicated enough and / or powerful enough but you do not go into exactly what those features are that are missing within it's Server Application environment. Same thing goes for using it in the context of a mixed-environment (i.e. with a lot of windows and linux clients). I know it's always the "soup de jour" to always label certain products / services that Apple provides as "too simple" or "not powerful enough"... but I think it is critical that you actually NAME and / or POINT OUT those power features that are missing within the Server app and more importantly, HOW it actually helps improve the product.

If your going to give John S. a run for his money, you really need to kind of step up your game here a little bit and expand on your reasonings behind the conclusions that you state. All and all, like I posted before, very informative. :-)

Looks like it will be business as usual for me in Server 3.0. The majority of anything I need to do will still have to happen in the command line or the server admin tools. I will also guess that the built in / bundled apache is still a pain to deal with too.

Oh. And it still needs a built-in iSCSI initiator. With so many NAS products supporting targeting these days the need has never been greater.

Andrew Cunningham / Andrew has a B.A. in Classics from Kenyon College and has over five years of experience in IT. His work has appeared on Charge Shot!!! and AnandTech, and he records a weekly book podcast called Overdue.